Messages - bobm

#1
Traffic reporting is really pretty and I love the animation and how smooth side scrolling is, but it needs a few improvements to be useful:

1. pause button - so one can inspect the data w/o it disappearing into the abyss
2. would it be possible to show source and destination in the 'speech cloud'?
3. longer time frame option - current one is just too short
4. top talkers tab should allow sorting by clicking on particular column header

thank you
#2
20.7 Legacy Series / Re: How to troubleshoot Netflow?
September 17, 2020, 03:27:48 PM
Thanks.  Debug sounds like a non-production setting which I will try to avoid for now.  My concern is mostly about unknown unknowns - if I cannot see/detect this UDP stream - what else am I missing?

Internet apps are becoming more and more like malware, trying to bypass LAN for better user experience or to send telemetry to get a leg up on the competition.  I, on the other hand, want to know what is going on within my LAN  :D

#3
20.7 Legacy Series / Re: How to troubleshoot Netflow?
September 17, 2020, 04:51:43 AM
Thanks for the tips.  I could not find pf.conf, nor could I find information on the UDP state timeout value in opnsense in the docs.

Only found this feature request to make it adjustable: https://github.com/opnsense/core/issues/1330

In the meantime, I re-entered all netflow info, rebooted and now Elastiflow's logstash is receiving the traffic.

Firewall live view continues to see no traffic going to port 2055 - except localhost:2055, which is interesting since insight is turned off...
#4
20.7 Legacy Series / Re: How to troubleshoot Netflow?
September 14, 2020, 10:37:38 PM
That's what baffles me - all rules that are listed in GUI, autogenerated and manual, are logging (except ipv6 as I have ipv6 blocked and turned off).  Firewall's live view has no record of traffic going to my netflow collector IP.

However, connection does show up under Firewall: Diagnostics: States Dump
#5
20.7 Legacy Series / Re: How to troubleshoot Netflow?
September 14, 2020, 05:04:58 PM
tcpdump shows UDP packets sent to the flow collector.

It concerns me that the firewall shows no traffic.  What can I enable so the firewall logs all of the connections?
#6
20.7 Legacy Series / How to troubleshoot Netflow?
September 14, 2020, 02:53:49 PM
Hi, I have netflow export set up to an external IP, 192.168.1.9:2055, but I do not see any traffic in the firewall alerts going to the destination port or IP (blocked or allowed).

What's the best way to confirm that traffic is flowing or confirm that netflow is working?
#7
20.7 Legacy Series / Re: Overview of rules and usage
September 09, 2020, 10:06:55 PM
@Xelas good point, I know cisco does and monowall had this feature, similar to display settings in Windows where change is reverted if not confirmed working (presumably because you're locked out).
#8
Good to know that I can turn off the firewall completely, however I just want full control of the firewall, not to get rid of the firewall altogether.

At the least, I would be happy if OPNsense allowed custom rules to take precedence over automatically generated ones...or have ability to turn them off if getting rid of them would break scripts.
#9
I'm new to opnsense and I don't know what I'm doing but I would try to turn off hardware network features, especially LRO:

https://docs.opnsense.org/manual/interfaces_settings.html
#10
It seems we are looking for the same answers.  One thing of note is that this rule is supposed (gray lightning bolt) to evaluate last, so I think it would be possible to add a custom rule negating it in whole or partially.
#11
I'm new to opnsense, have the same question, and based on my searches (how I found this thread) it appears that it is not possible to turn off autogenerated rules.  :-\
#12
I'm starting with opnsense, still, I would suggest to check if multiwan can do what you are after.
#13
Is there a way to turn off "let out anything from firewall host itself" rule or other automatically created rules that do not have the looking glass icon?
#14
I'm getting a lot of entries from OPNsense rules.  Is there a way I can suppress logging from automatically generated rules?

thank you.
#15
General Discussion / Better way to review Firewall logs
September 08, 2020, 09:02:13 PM
Viewing fw logs within OPNsense is pretty rudimentary, as search queries don't save when you leave the page, and there is no NOT selection, etc.

I'm curious how people are parsing fw logs and if there's a plugin or another software (linux or FreeBSD) that is commonly used?  I suppose I could use awk or grep, however I'd prefer GUI over shell.